a security interview question

Every now and then I’ll see a post about interview questions for geeks…I mean, IT employees. One question that just came to mind involves a security position, or one that requires a person who has security in mind.

You have the following services known in your organization. Where/How do you look to keep current on the security issues in these services? Cisco, Microsoft Windows Servers, XYZ ticket system with ABC modules, Skype for IM/VOIP, HP laptops (chosen for a reason), Fedora/BIND DNS servers, IE6 as only desktop browser, and so on…

The obvious first answer all IT persons should give is the manufacturer’s website for patch releases and advisories. But the real security-minded people will know how to go beyond that. For Windows, there are any number of ways to view security updates as they are released, whether through WSUS, MBSA, or any of the many dozens of sites that post about them every month. Securiteam, Bugtraq, Full-Disclosure, Secunia, and various other vulnerability disclosure sites have RSS feeds and/or mailing lists that discuss or announce various issues, sometimes in advance of the manufacturers having fixes out. Further knowledge of services like McAfee’s internal threat announcement system can be a bonus as well, especially if it pertains to what you have already deployed in your environment. “Omigosh, they already know about Snort and how to properly update and read new signatures! They’re relevant to me already!” And yes, the ability to subscribe to Bugtraq is one thing, but can they pick out the necessary information from the non-interesting stuff? Do they know the Linux teams regularly post their advisories there? And so on…
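Picking the relevant items out of a disclosure feed can be partly automated by matching entries against the deployed inventory. The sketch below is an added example, not part of the original post: the feed items are constructed, the match patterns are assumptions, and word-boundary matching is what keeps "PHP" from hitting "HP" and a socket `bind()` bug from hitting BIND.

```python
import re
import xml.etree.ElementTree as ET

# Products from the interview question; the match patterns are assumptions.
INVENTORY = {
    "Cisco": r"\bcisco\b",
    "Windows Server": r"\bwindows\s+server\b",
    "Skype": r"\bskype\b",
    "HP laptops": r"\b(hp|hewlett[- ]packard)\b",
    "Fedora": r"\bfedora\b",
    "BIND": r"\b(isc\s+bind|bind\s*[89])\b",
    "IE6": r"\b(internet\s+explorer|ie)\s*6\b",
}

# Constructed sample feed (RSS 2.0 shape); not real advisories.
SAMPLE_FEED = """<rss version="2.0"><channel><title>Constructed feed</title>
<item><title>[SAMPLE] ISC BIND 9 named denial of service</title>
  <description>Affects Fedora packages.</description></item>
<item><title>[SAMPLE] PHP forum plugin SQL injection</title>
  <description>Third-party web application.</description></item>
<item><title>[SAMPLE] Internet Explorer 6 memory corruption</title>
  <description>Vendor fix not yet released.</description></item>
<item><title>[SAMPLE] Socket bind() race in example daemon</title>
  <description>Unrelated to DNS.</description></item>
</channel></rss>"""


def triage(feed_xml, inventory=INVENTORY):
    """Return [(title, [matched products])] for items touching the inventory."""
    compiled = {n: re.compile(p, re.IGNORECASE) for n, p in inventory.items()}
    hits = []
    # The sample is embedded; parse live feeds with a hardened XML parser
    # (e.g. defusedxml) since feed content is untrusted input.
    for item in ET.fromstring(feed_xml).iter("item"):
        title = (item.findtext("title") or "").strip()
        text = f"{title} {item.findtext('description') or ''}"
        matched = [n for n, rx in compiled.items() if rx.search(text)]
        if matched:
            hits.append((title, matched))
    return hits


if __name__ == "__main__":
    for title, products in triage(SAMPLE_FEED):
        print(f"{', '.join(products):<16} {title}")
```

Keyword matching only narrows the list; someone still has to read each hit to decide whether the deployed version and configuration are affected.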
